Continued Examination Under 37 CFR 1.114

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on October 18, 2005 has been entered.



Response to Amendment 

2. The amendment filed on October 18, 2005 has been fully considered but is not
persuasive.

Response to Arguments 

3. In response to applicant's arguments regarding the amended limitations of claim 1,
applicant is referred to the detailed rejection below.



Claim Rejections - 35 USC §112 



The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Application/Control Number: 09/810,446
Art Unit: 2153

4. Claim 1 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the
written description requirement. The claim(s) contains subject matter which was not described
in the specification in such a way as to reasonably convey to one skilled in the relevant art that
the inventor(s), at the time the application was filed, had possession of the claimed invention,
"indicating at least one condition that must be followed as a precondition for receiving the
respective object." Examiner could not find the words "indicating at least one condition that
must be followed as a precondition" or its equivalent in the specification. Furthermore,
Examiner could not find the words "to transform the retrieved principal information value into a
transformed value, and to ascertain whether the transformed value is the same as one of the
principal information value templates stored in the object information storing section," in the
specification as originally filed. Paragraph 0037, page 9 of the specification as originally filed
states "The "principalInfoValueTemplate" represents a matching rule used to obtain an object
corresponding to the principal, which is adapted to associate the information about the principal
with the information about the object, for example, to define operations to derive, using the
information about the principal, the object corresponding to the principal." This is not the same
as "to transform the retrieved principal information value into a transformed value, and to
ascertain whether the transformed value is the same as one of the principal information value
templates stored in the object information storing section." Finally, Examiner could not find the
words of "determined to fulfill a condition" or its equivalence in the specification as originally
filed.

Claims 11 and 12 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the
written description requirement. The claim(s) contains subject matter which was not described
in the specification in such a way as to reasonably convey to one skilled in the relevant art that
the inventor(s), at the time the application was filed, had possession of the claimed invention.
"A principal is added or deleted by modifying said principal information in said principal
information storing section, without modifying said object information stored in said object
information storing section." Examiner could not find the words of "adding or deleting a
principal by modifying a principal information in the information storing section, without
modifying an object information stored in said object information storing section." It is not clear
how this limitation is supported by the specification.



Claim Rejections - 35 USC § 112 



The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



5. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing
to particularly point out and distinctly claim the subject matter which applicant regards as the
invention. It is unclear to the examiner what the phrase "to use a matching rule to transform the
retrieved principal information value into a transformed value, and to ascertain whether the
transformed value is the same as one of the principal information value templates stored in the
object information storing section, in which case said one of said principals is determined to
fulfill a condition for being an authorized recipient of the object corresponding to said one of
the principal information value templates:" means.

Claim Rejections - 35 USC §102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-3, 5, 6, 9 and 13 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Wobber et al. (U.S. Patent Number 5,235,642, hereinafter "Wobber"). Wobber discloses an 
access control subsystem and method for distributed computer system using locally cached 
authentication credentials. Wobber shows, 

In referring to claim 1, 

• A principal information storing section to store first information about each of said 
plurality of principals, the first information for each principal including a principal ID 
that identifies the respective principal and principal information value that contains 
information about the respective principal: 

"The computer at each node of the distributed system has a trusted computing base that
includes an authentication agent for authenticating requests received from principals at
other nodes in the system" (Wobber, col. 1, lines 55-58). Wobber Fig. 2 shows an
Authentication agent 134 that includes a storing section to store information about each
of said plurality of principals 142, 144, and 160. See also Fig. 5A: "Each node's
authentication agent 134 maintains an Auth ID table 142, shown in FIG. 5A, which lists
the name of the principal and its assigned Auth ID. Each record in the table would
typically also include other information, such as the name of the process that the principal
is logged onto" (Col. 5, lines 29-34)

• An object information storing section to store second information about each of a
plurality of said objects, the second information for each object including an object
information value that identifies the respective object and a principal object information
value template corresponding to the respective object and indicating at least one
condition that must be followed as a precondition for receiving the respective object:

"A further optimization is that the server process local cache is used to store a list of the
object access control list entries previously satisfied by each requester, thereby enabling
the server process to expedite granting access to previously accessed objects." (Wobber,
col. 2, lines 18-22) Wobber Fig. 2 shows an object information storing section to store
information about each of a plurality of said objects 136 including access control lists
138. See also col. 6, lines 40-68.

• An application section to retrieve a principal information value stored in said principal 
information storing section in response to a principal ID supplied by one of said 
principals, to use a matching rule to transform the retrieved principal information value 
into a transformed value, and to ascertain whether the transformed value is the same as 
one of the principal information value templates stored in the object information storing 
section, in which case said one of said principals is determined to fulfill a condition for
being an authorized recipient of the object corresponding to said one of the principal
information value templates: 

"In the preferred embodiment, the objects 136 to which access is governed by the 
reference monitor program 132 on node 102-1 are stored in the computer at that node 
(other arrangements may be possible). Each object 136 includes an Access Control List 
(ACL) 138 which defines the set of 'principals' who are authorized to access the object 
136." (Wobber, col. 4, lines 24-30. See also col. 7, lines 22-63)

In referring to claim 2, 

• Said object supplying device is a distributed processing device in a distributed processing 
system including a network and said distributed processing device being connected to 
said network: 

"The present invention relates generally to controlling access to computer resources in a
distributed computer system, and particularly to apparatus and methods for making such
access control systems more efficient by locally caching in each computer authentication
credentials for principals requesting use of that computer's resources." (Wobber, col. 1,
lines 7-13)

In referring to claim 3, 

• Said distributed processing system includes said distributed processing device operating 
as a server: 

"Requests are transmitted to servers as messages that include a first identifier (called an 
Auth ID) provided by the requester and a second identifier provided (called the 
subchannel value) by the authentication agent of the requester node." (Wobber, col. 1,
lines 59-63) 

• A plurality of client units being connectable to said server through said network and 
wherein said principal is any one of said client units, a user using said client unit and an 
object contained in said client unit: 

"A principal is herein defined to be the source of a request or assertion. Typically, one 
thinks of a principal as a person, or a machine acting on behalf of a person. However, 
processes many layers removed from human direction, such as those in a transaction 
processing system, can also be principals." (Wobber, col. 4, lines 15-20)

In referring to claim 5, 

• A receiving section to receive, from said principal, information about authentication 
needed to authenticate one principal and an authenticating section to authenticate said one 
principal based on said authentication information received by said receiving section and 
by referring to said information stored in said principal information storing section: 

"If the identifier in a request message does not match any of the entries in the server's 
local cache, then the server node's authentication agent is called to obtain authentication 
credentials from the requester's node to authenticate the request message. Upon 
receiving the required credentials from the requester node's authentication agent, the
principal identifier of the requester and the received credentials are stored in a local
cache by the server node's authentication agent." (Wobber, col. 2, lines 5-17)

• Said application section, when said one principal is authenticated by said authenticating
section to be an authorized principal, performs retrieval and supply of said object:

"Each object 136 includes an Access Control List (ACL) 138 which defines the set of
"principals" who are authorized to access the object 136." (Wobber, col. 4, lines 27-30)

In referring to claim 6, 

• Said application section, when being requested by said one principal to supply an object, 
performs retrieval and supply of said object: 

Wobber, col. 4, lines 27-30 (see full quote above) 

In referring to claim 9, 

• Combination of said information stored in said principal information storing section with 
said information stored in said object information storing section is defined by a 
predetermined matching rule: 

Wobber, col. 4, lines 27-30 (see full quote above) 

In referring to claim 10, 

• Said application section further comprises a plurality of services defining said objects,
and supplies said object corresponding to said one of said principals to said one of said
principals over a network:

"Objects can be files, processes, set of data such as table or
database, programs (e.g., an interface program which governs use of an input/output
device), and so on. In the preferred embodiment, the objects 136 to which access is
governed by the reference monitor program 132 on node 102-1 are stored in the computer
at that node (other arrangements may be possible). Each object 136 includes an Access
Control List (ACL) 138 which defines the set of "principals" who are authorized to access
the object 136." (Wobber, col. 4, lines 21-30)

In referring to claim 11,

• A principal is added or deleted by modifying said principal information in said principal
information storing section, without modifying said object information stored in said
object information storing section:

The system of Wobber maintains an Auth ID table that is separate from the ACL of the
objects. Modifying one will not affect the other.

In referring to claim 12, 

• A principal is added or deleted by modifying said object information in said object 
information storing section, without modifying said principal information stored in said 
principal information storing section: 

The system of Wobber maintains an Auth ID table that is separate from the ACL of the
objects. Modifying one will not affect the other.

As per claim 13, Wobber teaches the object supplying device according to claim 1, 
wherein the first information stored in the principal information storing section 
additionally includes principal information key data and the second information stored in 
the object information storing section additionally includes principal information key 
data, the stored principal information key data being used as another condition for 
determining authorized recipient of objects: "the present invention is a security system
governing access to objects in a distributed computer system. The computer at each node 
of the distributed system has a trusted computing base that includes an authentication 
agent for authenticating requests received from principals at other nodes in the system. 
Requests are transmitted to servers as messages that include a first identifier (called an 
Auth ID) provided by the requester and a second identifier provided (called the 
subchannel value) by the authentication agent of the requester node. Each server process 
has an associated local cache that identifies requesters whose previous request messages 
have been authenticated" (Col. 1, lines 53 to col. 2, lines 4 and col. 7, lines 22-63)




Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Wobber in view of
Moriya et al. (U.S. Patent Number 6108790, hereinafter "Moriya"). Although Wobber shows 
substantial features of the claimed invention, Wobber does not show a portable terminal as the 
client. Nonetheless this feature is well known in the art and would have been an obvious 
modification to the system disclosed by Wobber as evidenced by Moriya. 

In analogous art, Moriya discloses an authentication system using a network. Moriya shows 
the distributed processing system is a portable communication system provided with a portable 
communication terminal and wherein said client unit constituting said principal is said portable 
communication terminal: "Each of the communication terminals 1-1 through 1-n is a computer 
connected to a modem, a terminal adapter, or the like, or a portable electronic device such as a 
PDA (Personal Data Assistance)." (Moriya, col. 3, lines 60-63)

Given these teachings, a person of ordinary skill in the art would have readily recognized the 
desirability and advantages of modifying the system of Wobber so as to use a portable terminal 
as the client, such as taught by Moriya, in order to allow portable devices to access the system. 

8. Claims 7-8 and 14-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Wobber in view of Mellen-Garnett et al. (U.S. Patent Number 6507875, hereinafter "Mellen").

As per claims 7-8 and 17, although Wobber shows substantial features of the claimed invention,
including the system of claim 1 (see 102 rejection above), he does not explicitly show notifying 
changes to any service requesting notification of said changes. Nonetheless this feature is well 
known in the art and would have been an obvious implementation of the system disclosed by 
Mellen. 

In analogous art, Mellen teaches "Event notifications initiate processing in an application
collaboration module. Events are also used to communicate changes between various 
components. Events are generated from connectors to allow applications to communicate 
modifications in the application's data to the interchange server." (Col. 20, lines 20-25). Given 
these teachings, a person of ordinary skill in the art would have readily recognized the 
desirability and advantages of modifying the system of Wobber so as to use the event 
notification system of Moriya, in order to communicate changes occurring within the system to 
event subscribers upon receipt of particular events. 

As per claim 14, Wobber teaches the object supplying device according to claim 1, wherein the 
first information stored in the principal information storing section additionally includes 
principal information key data and the second information stored in the object information 
storing section additionally includes principal information key data, the stored principal 
information key data being used as another condition for determining authorized recipient of 
objects: "the present invention is a security system governing access to objects in a distributed
computer system. The computer at each node of the distributed system has a trusted computing 
base that includes an authentication agent for authenticating requests received from principals at 
other nodes in the system. Requests are transmitted to servers as messages that include a first 
identifier (called an Auth ID) provided by the requester and a second identifier provided (called 
the subchannel value) by the authentication agent of the requester node. Each server process has 
an associated local cache that identifies requesters whose previous request messages have been 
authenticated." (Col. 1, lines 53 to col. 2, lines 4 and col. 7, lines 22-63)

As per claims 15 and 16, the object supplying device according to claim 14, wherein the principal
information managerial section comprises an entity registering table to register entities needing 
to receive data indicating a change in the principal information storing section and wherein the 
entities are services (col. 6, lines 38-64). 

Conclusion



9. The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Yasin Barqadle whose telephone number is 571-272-3947. The examiner 
can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Glenn Burgess can be reached on 571-272-3949. The fax phone numbers for the organization 
where this application or proceeding is assigned are 703-872-9306 for regular communications 
and 703-746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either private PAIR or public PAIR system. Status information for 
unpublished applications is available through private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
YB 